Permission Profiles

Permission profiles let you control exactly what Claude Code can access on your server. This is critical for working safely with production data.

How Profiles Work

When you send a task, PlanDrop tells Claude Code which tools it can use via the --permission-mode flag and .claude/settings.json configuration.

During the Plan phase, Claude Code can only read — it cannot modify files or run commands.

During the Execute phase, Claude Code’s capabilities depend on your selected profile.

Built-in Profiles

Plan Only

Use for: Reviewing code, asking questions, getting suggestions

Claude Code can:

  • Read any file
  • Analyze code structure
  • Suggest changes (as text)

Claude Code cannot:

  • Write or edit files
  • Run any shell commands

Edit Files Only

Use for: Safe file modifications without execution risk

Claude Code can:

  • Read files
  • Write new files
  • Edit existing files

Claude Code cannot:

  • Run shell commands
  • Execute scripts
  • Install packages

Bioinformatics

Use for: Genomics, transcriptomics, single-cell analysis

Claude Code can:

  • All file operations
  • Alignment: STAR, bowtie2, hisat2, bwa
  • Variant calling: samtools, bcftools, GATK
  • QC: fastqc, multiqc, fastp
  • Single-cell: scanpy (via python), cellranger
  • Workflows: snakemake, nextflow
  • Packages: conda, mamba, pip
  • Languages: python, R, perl

Claude Code cannot:

  • Run sudo or root operations
  • Recursively delete system directories
  • Modify ~/.ssh

ML/Deep Learning

Use for: Model training, experiments, GPU workflows

Claude Code can:

  • All file operations
  • Python: python, pip, conda
  • GPU: nvidia-smi, gpustat
  • Experiment: jupyter, tensorboard, wandb
  • Containers: docker, singularity
  • Build: cmake, make, gcc

Full Access

Use for: Trusted environments, development machines

Claude Code can:

  • Everything

Custom Profiles

Create your own profile by editing .claude/settings.json:

{
  "permissions": {
    "allow": [
      "Bash(python3:*)",
      "Bash(git:*)",
      "Bash(npm:*)",
      "Write(src/*)",
      "Edit(src/*)",
      "Read(*)"
    ],
    "deny": [
      "Write(*.env)",
      "Write(.git/*)",
      "Bash(rm -rf:*)"
    ]
  }
}

Pattern Syntax

  • Bash(command:*) — Allow any arguments to command
  • Bash(python3:*.py) — Allow running .py files
  • Write(src/*) — Allow writing to src/ directory
  • Read(*) — Allow reading any file

Deny Rules

Deny rules take precedence over allow rules:

{
  "allow": ["Write(*)"],
  "deny": ["Write(*.env)", "Write(.git/*)"]
}

This allows writing to any file except .env files and the .git/ directory.
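
The following is an added example, not PlanDrop's or Claude Code's own matcher: a small Python model of deny-before-allow evaluation, run against the custom profile shown earlier on this page. The glob semantics (`*` also matches `/`), the `command:arg-glob` reading of Bash rules, and blocking anything with no matching allow rule are assumptions made for illustration.

```python
import fnmatch
import json
import re

# The custom profile from this page, embedded so the example runs offline.
PROFILE = json.loads("""
{"permissions": {
  "allow": ["Bash(python3:*)", "Bash(git:*)", "Bash(npm:*)",
            "Write(src/*)", "Edit(src/*)", "Read(*)"],
  "deny":  ["Write(*.env)", "Write(.git/*)", "Bash(rm -rf:*)"]}}
""")["permissions"]

RULE = re.compile(r"^(\w+)\((.*)\)$")


def rule_matches(rule, tool, target):
    """True if one rule such as 'Write(src/*)' covers (tool, target)."""
    m = RULE.match(rule)
    if not m or m.group(1) != tool:
        return False
    pattern = m.group(2)
    if tool != "Bash":
        # File tools: glob on the path. Assumption: '*' also crosses '/'.
        return fnmatch.fnmatchcase(target, pattern)
    # Assumption: Bash rules read 'command:arg-glob', matched on whole words.
    prefix, sep, arg_glob = pattern.rpartition(":")
    if not sep:
        return target == pattern
    if target != prefix and not target.startswith(prefix + " "):
        return False
    return fnmatch.fnmatchcase(target[len(prefix):].strip(), arg_glob)


def decide(perms, tool, target):
    """Return (verdict, rule). Deny is checked first, so it always wins."""
    for rule in perms.get("deny", []):
        if rule_matches(rule, tool, target):
            return "deny", rule
    for rule in perms.get("allow", []):
        if rule_matches(rule, tool, target):
            return "allow", rule
    return "deny", None  # assumption: anything not allowed is blocked


if __name__ == "__main__":
    for tool, target in [("Write", "src/app.py"), ("Write", "src/prod.env"),
                         ("Write", ".git/config"), ("Bash", "git status"),
                         ("Bash", "rm -rf build"), ("Bash", "curl example.com")]:
        print(tool, repr(target), "->", decide(PROFILE, tool, target))
```

Writing `src/prod.env` is the case to look at: it matches the allow rule `Write(src/*)`, yet the verdict is deny because `Write(*.env)` is evaluated first.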

Dynamically Approving Commands

When Claude Code tries a blocked command, PlanDrop shows it in the activity feed with an “Approve and Re-run” button.

Clicking this adds the specific command to the allow list for the current session only. This lets you grant one-off permissions without changing your profile.

Best Practices

  1. Start restrictive — Use Plan Only to understand the task, then switch to a more permissive profile
  2. Match your domain — Use Bioinformatics for bio work, ML for training, etc.
  3. Protect sensitive paths — Always deny write access to .env, credentials, .ssh
  4. Review before Full Access — Only use Full Access after verifying the task is safe

Next Steps